Configuring Exchange Hybrid Cross-Forest Permissions

Cross-forest permissions have long been one of the more difficult aspects of an Exchange Hybrid migration. Ensuring mailbox permissions are preserved can be a major undertaking.

Exchange Hybrid migrations did not support any sort of cross-forest mailbox permissions at first. After a couple of years Microsoft made it possible for full access permissions to work cross-premises.

Recently Microsoft has improved the cross-forest permissions story for Exchange Hybrid migrations. In this blog post, I’ll give you the information you need to set the different permissions in your Exchange Hybrid deployment.

Read More

New Azure Active directory Features

As more IT services move to the cloud, the need for better security features will only increase. People want to be able to log in hassle-free, but organizations need strong authentication security. The fastest way for this move to cloud service to fail is going to be though a large security breach. Microsoft is aware of all these facts, and they are putting a lot of work into ensuring that logging into their cloud servers is both easy and secure.

Microsoft has been investing in security and identity features for Azure Active Directory. These new features are becoming Generally Available (GA) within Azure Active Directory. In this blog post I’m going to delve into some of the new identity protection features in Azure Active Directory.

Read More

Securing Administrator Access with Privileged Identity Management for Azure Active Directory

In any IT organization there are administrative tasks that need powerful admin privileges. It's a good security practice that accounts should have the fewest permissions necessary, and only for the period of time they need them. But managing the temporary assignment of admin permissions becomes time consuming. As a result, many organizations assign them on a permanent basis, which is not ideal.

Furthermore, auditing the assignment of administrative permissions is a challenging task. Many of us have used custom scripts and third party reporting tools to keep track of permissions.

Read More

Creating Surveys in Office 365: Microsoft Forms vs. SharePoint Survey App

Recently I've been working on a project to package about 1500 applications for distribution through SCCM. To gather the information I need, I wrote a 50-question survey for a few hundred people to answer. The challenge was to get this survey to a large audience and turn the results into actionable information.

There are a variety of services available online for running surveys. This customer is using Office 365, so I wanted to make use of their existing resources. Today, Office 365 has two solutions for running surveys:

Read More

What-If for Conditional Access

Conditional Access is a premium feature of Azure Active Directory that allows administrators to specify conditions under which users can authenticate into other cloud services. With conditional access, you can specify that a certain set of users can only authenticate to specific applications from specific IPs for example.

The hard part about conditional access is that it takes a lot of work to configure and test the policies. Ensuring that you know how a policy is going to affect your users is critical. In this blog post I’m going to look at a new tool in the Conditional Access line that helps with this problem. "Azure-Active Directory-Conditional Access-What If" gives administrators a new way to test Conditional Access policies to see what the effect of applying those policies will be.

Read More